Passive FTP over pfsense
Here the out-of-date information: http://doc.pfsense.org/index.php/Howto_setup_ftp_server_behind_pfsense
How to force to work passive FTP from LAN to WAN.
In current snapshot passive ftp doesn't work.
$ ftp 22.214.171.124 Connected to 126.96.36.199. 220 Welcome to Yandex FTP service (sower.yandex.ru). Name (188.8.131.52:mike): ftp 331 Please specify the password. Password: 230 Login successful. Remote system type is UNIX. Using binary mode to transfer files. ftp> dir 200 PORT command successful. Consider using PASV. 150 Here comes the directory listing. -rw-r--r-- 1 ftp ftp 263 Aug 13 06:04 HEADER.txt drwxr-xr-x 12 ftp ftp 4096 Oct 27 2009 altlinux drwxr-sr-x 15 ftp ftp 4096 Apr 08 09:54 altlinux-beta ... 226 Directory send OK. ftp> passive Passive mode on. ftp> dir 227 Entering Passive Mode (93,158,155,195,219,180) ftp: connect: Connection timed out
In revision 049a688e5daac240b2651bbd2cc178612741d23a removed all ftp-helper programs.. why?
#1 Updated by Jesse Norell about 9 years ago
Mike, do you have floating firewall rules in use? See issue #863.
I just updated to 2.0-BETA4 (i386) built on Tue Sep 7 23:11:08 EDT 2010 (latest) and tested LAN->WAN ftp connection, both passive and active mode worked fine without floating rules in use - with floating rules, the passive mode connection worked, the active mode failed (different than what you're reporting). This is the flip side of issue #863, where passive fails for a WAN->LAN connection with floating rules in use.
The ftp helper was removed because it's handled in the kernel now.